What's Happening?

Facebook Twitter Youtube Linkedin

NEED HELP? QUESTIONS@FIA.ORG.ZA

become A FIA member TODAY
member login

The complications with cyber

ARTICLE BY

  • Marsh
  • Short term insurance

SHARE THIS POST

By Sashnee Singh, Cybersecurity Business Lead, Marsh

 

Without significant regional claims data, creating accurate pricing models for cyber insurance has been challenging, which is why many insurers moved to technical rates of underwriting from a retention and premium threshold perspective.

Cyber insurance in sub-Saharan Africa is entering a firm market cycle, though not at the severity seen in other parts of the world.

Now that there is more claims activity and data is being amassed, it is evident that cyber risk has been thinly rated. To this end, we are seeing increases in the region of 50%, as well as a move of cyber to a catastrophe-type coverage.

African insurers are still very bullish in exploring and writing new business. There are huge growth opportunities within the region, particularly in Ghana, Botswana, Zambia, Nigeria, Tanzania, Namibia and South Africa, with the latter being the most mature of these markets.

While insurers in countries like South Africa have the appetite, there is still a need to go through international markets —mainly London — for solutions. This is particularly true when bespoke solutions are required and/or companies are buying high limits, and thus require access to markets that are able to offer considerable capacity. When going through international markets, however, the rating models will not operate in local currency. In South Africa where policies are in rand, it is not uncommon for there to be some impact from high currency conversion rates. Fortunately, there are workarounds that Marsh’s international network is able to tap into.

 

R50 million attack

The majority of cyber claims in sub-Saharan Africa relate to extortion and ransomware. Scenarios include the restoration of system integrity after encryption for a ransom fee; or the prevention of the leak of confidential, personal, or business information for a ransom fee. Generally, costs relate to incident response, lost revenue, and additional cost of working. This is all first-party cost losses, relating to incident response, business interruption, and extortion costs. 

A healthcare organisation in South Africa experienced a major ransomware attack of this nature in 2020. It is estimated that the total claim may reach R50 million — the biggest claim in the region — and will have a considerable adverse impact on the insurer’s loss ratio when settled.

In sub-Saharan Africa, there are very few legal liability actions in this space. This is generally due to lack of customer awareness. In most African countries, there is no requirement to notify data-owners — whether they are customers, suppliers, or employees — that there has been a breach of information. This is further heightened by the absence of established information regulators in African countries. Most of the claims, as demonstrated above, focus on first-party losses.

As a result of no notification requirements, and no strong adverse regulatory response, the uptake of cyber insurance in sub-Saharan Africa has been relatively low. We did, however, see an uptick in 2018, predominantly from large corporates; this was in line with legislation in countries like Nigeria. Still, this was not a mass mid-market purchase, as it was perceived as quite an expensive class of insurance.

However, South Africa is set to see new data laws in the form of the Protection of Personal information Act (POPI) coming into force in July 2021. This places an onus on how companies acquire, share, secure, transfer and destroy private and sensitive information. Non-compliance may result in fines of up to R10 million, civil liability actions and, in extreme cases, jail time of up to 10 years.

It is worth noting that to bring a liability claim, financial loss must be demonstrated in South Africa. When legislation comes into force and can support causal links between loss of data and financial loss, we could possibly see a sharp increase in liability claims. With this said, as the country is known to not be particularly litigious, we are not expecting to see claims at levels seen in the US or UK.

As the regulation matures, we are prepared for an uptick, but we see first-party cost claims continuing to dominate.

Read Marsh’s Sub-Saharan Africa Insurance Market Update for insights into the key risks impacting markets, the current state of pricing, and possible future trends. 

Subscriber Terms and Conditions

  1. APPLICATION OF TERMS
    • These terms and conditions (“Subscriber Terms”) apply to the subscription by any qualifying member of the South African Underwriting Managers Association NPC (“SAUMA”) to the services and benefits offered by FIA Services (Pty) Ltd (“FIA Services”) under the SAUMA affiliation arrangement (“Subscription”).

  2. NATURE OF SUBSCRIPTION
    • A Subscription under this arrangement:
      • does not constitute membership of FIA NPC;
      • does not confer any voting rights or governance participation in FIA NPC; and
      • is governed solely by the contractual relationship between the Subscriber and FIA Services.

  1. ELIGIBILITY
    • To qualify for the Subscription, the applicant must, at the time of application, be a current paid-up member of SAUMA.
    • FIA Services will verify the applicant’s SAUMA membership status with SAUMA prior to activation, and may re-verify such status periodically.
    • If a Subscriber ceases to be a paid-up member of SAUMA, the Subscription will correspondingly be terminated.
    • Applicants are required to authorise FIA Services to confirm their SAUMA membership status with SAUMA as part of the application process.

  1. SERVICES
    • The Subscription entitles the Subscriber to the following benefits:
      • Complimentary access to the FIA CPD Platform;
      • Complimentary access to the FIA Insight Magazine (digital edition);
      • Advertising opportunities on FIA platforms at a discounted rate of 15% (fifteen percent) off the prevailing published rates; and
      • Invitations to attend FIA Technical Webinars annually.
    • FIA Services reserves the right to update, vary or substitute the Services from time to time, provided that the overall value and nature of the benefits remain materially the same.

  1. FEES AND PAYMENT
    • The monthly subscription fee is R260.00 (two hundred and sixty rand) for up to seven registered individuals (Key Individuals and Representatives), and R36.00 (thirty-six rand) per additional registered individual thereafter, excluding VAT.
    • The Subscriber shall provide FIA Services with the required details of each individual to be registered under the Subscription for the purposes of activation and billing.
    • All fees are exclusive of VAT, which shall be charged at the prevailing statutory rate.
    • Subscription fees are reviewed annually in March and may be adjusted with effect from 1 April.
    • Any changes to the Subscription, including but not limited to the number of Representatives and Key Individuals registered under the Subscription, may only be effected once annually during the annual review period in March of each year, with such changes taking effect from 1 April.
    • Subscription fees shall be billed monthly in arrears, unless the Subscriber elects an annual billing cycle at the time of application.
    • The Subscriber shall ensure that all billing information (including contact details, authorised signatories and bank account details) is kept accurate and up to date.
    • Non-payment of subscription fees may result in suspension of access to the Services until such fees are brought up to date.
    • The Subscriber acknowledges and agrees that all subscription fees payable under these Subscriber Terms may be collected by way of debit order, which shall be processed by the holding company, FIA NPC (The Financial Intermediary Association of South Africa), on behalf of FIA Services. Payment to FIA NPC shall be deemed to constitute valid and sufficient discharge of the Subscriber’s payment obligations to FIA Services under these Subscriber Terms.

  1. ONBOARDING
    • Onboarding will be conducted as a Subscription with FIA Services under the SAUMA affiliation arrangement.
    • Onboarding will not confer FIA NPC membership status or any associated rights.
    • Onboarding is conditional on confirmation of the Subscriber’s current SAUMA membership at the time of application

  1. DATA PROTECTION
    • FIA Services will process all personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) as set out in our POPIA policies.
    • By subscribing, the Subscriber authorises FIA Services to confirm their SAUMA membership status with SAUMA and to process personal information for the purposes of fulfilling the Subscription.

  1. TERMINATION
    • The Subscriber may terminate the Subscription by giving FIA Services one calendar month’s written notice.
    • FIA Services may terminate the Subscription on one calendar month’s written notice, or immediately if the Subscriber breaches these Subscriber Terms and fails to remedy such breach within 14 (fourteen) days of receiving written notice.
    • Termination of the SAUMA–FIA Services affiliation agreement shall not automatically terminate these Subscriber Terms.
    • Termination by the Subscriber shall not relieve the Subscriber of liability for any subscription fees accrued up to the effective date of termination.
    • FIA Services may suspend or terminate the Subscription with immediate effect in the event of non-payment of fees by the Subscriber.

  1. GENERAL
    • These Subscriber Terms are governed by the laws of the Republic of South Africa.
    • Any disputes arising under these Subscriber Terms shall be dealt with in accordance with the dispute resolution provisions contained in the FIA NPC membership terms and conditions, as modified to reflect that the contractual relationship is with FIA Services.
    • Any notices required under these Subscriber Terms may be validly delivered by email to the addresses provided in the Subscriber’s application form, and such notices shall be deemed received on the day of transmission if sent during business hours.
    • The Subscriber may not assign, cede or transfer any of its rights or obligations under these Subscriber Terms without the prior written consent of FIA Services.
    • No variation of these Subscriber Terms shall be of any force or effect unless reduced to writing and signed by both FIA Services and the Subscriber.